by throwawayyy6349 2535 days ago
Some privacy tips:

1. Use Firefox with multi-account containers, with each domain set to auto-open in a different container (Google, Gmail, Amazon, Facebook, YouTube, etc.). Make sure you're logged into Google only in the Gmail container (and not in the Google search container), etc.

2. Use uMatrix and uBlock0, and enable limited third-party access using the uMatrix dashboard only when a site breaks.

3. Enable DNS over HTTPS in Firefox.

4. Enable privacy.resistFingerprinting in Firefox's about:config to thwart fingerprinting.

5. Use the Tor Browser for browsing porn (or any site you really do not want associated with your IP).

Edit: Added resistFingerprinting to the list.

6 comments

To add to this, disabling WebRTC when you're not using it (media.peerconnection.enabled in Firefox) is also a good idea, as when it's enabled, websites can use it to derive your IP address behind a proxy/NAT such as a VPN or a home router to better identify which machine you are. I also turn off WebGL (webgl.disabled in Firefox) because it seems to expose a large attack surface for fingerprinting* but I'm not too well versed on the exact risks of it.

* = According to PanOptiClick.
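Added example, not part of any comment in this thread: a small Python audit that reads the text of a Firefox profile's `prefs.js` or `user.js` and reports whether the settings named above are in their hardened state. `network.trr.mode` is not named in the thread; it is the Firefox preference behind the DNS over HTTPS setting. The sample input is constructed.

```python
import re

# Pref -> (Firefox default, test for the hardened state).
# The first three names come from the thread; network.trr.mode is an addition
# (2 = DoH with fallback to the system resolver, 3 = DoH only).
CHECKS = {
    "privacy.resistFingerprinting": (False, lambda v: v is True),
    "media.peerconnection.enabled": (True, lambda v: v is False),
    "webgl.disabled": (False, lambda v: v is True),
    "network.trr.mode": (0, lambda v: v in (2, 3)),
}

PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')


def parse_prefs(text):
    """Parse user_pref("name", value); lines. Later lines override earlier ones."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments and blank lines
        name, raw = m.groups()
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        else:
            prefs[name] = raw.strip('"')
    return prefs


def audit(text):
    """Return {pref: hardened?}. prefs.js stores only non-default values,
    so a pref that is absent is evaluated at its Firefox default."""
    prefs = parse_prefs(text)
    return {n: ok(prefs.get(n, default)) for n, (default, ok) in CHECKS.items()}


# Constructed sample, not taken from a real profile.
SAMPLE = """\
// Mozilla User Preferences
user_pref("privacy.resistFingerprinting", true);
user_pref("media.peerconnection.enabled", false);
user_pref("network.trr.mode", 2);
user_pref("browser.startup.homepage", "about:blank");
"""

if __name__ == "__main__":
    for name, hardened in audit(SAMPLE).items():
        print(f"{'OK  ' if hardened else 'WEAK'} {name}")
```
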

uBlock has an option to disable the WebRTC IP leak without disabling WebRTC entirely.
I'm pro privacy and don't want to say "nothing to hide", but who cares if you browse porn?

As long as it's legal (so barring being in a regressive country where e.g. gay porn is illegal), why would you go out of your way to use a VPN for it?

For sure, use DoH and HTTPS sites only, and I can understand if you're a public figure and don't want to accidentally like incest porn on your official Twitter account but beyond that, really who cares. A large majority of people watch and browse for porn, myself and most people in this thread included. Maybe time to dispense with the shame.

Not all porn is equally legal (sodomy, for example). And our society (at least in the US) likes to pretend that it doesn't exist, which means that it's viable ammunition to attack a person's character with, publicly or privately.

So, in practice, this means that these big companies have ammunition which could be used to destroy careers and relationships. Whether used directly or incidentally via a data leak (it's not like those ever happen /s).

Anyone with a publicly-facing job.
For 1, I use Temporary Containers[0] and have it set to auto-start and delete the containers as soon as the last related window closes.

It's a PIA for logging into things (e.g.: companies who use three different redirects to three different sub-domains) but that complaint is my fault, based on how I've configured it.

That plus deleting history on close of Firefox isn't enough to thwart the most egregious adversary (e.g.: those with three-lettered names) but should be enough for privacy concerns.

For 2, I might also recommend Canvas Fingerprint Detector[1]. Instead of not replying (which could be, in and of itself, a fingerprint[2]), it generates a random fingerprint signature in response; though, in principle, this might be a tracking vector, as well.

[0] - https://addons.mozilla.org/sv-SE/firefox/addon/temporary-con...

[1] - https://addons.mozilla.org/sv-SE/firefox/addon/canvas-finger...

[2] - https://multilogin.com/how-canvas-fingerprint-blockers-make-...

> It's a PIA for logging into things

...which is why it's probably better to use multi-account containers that isolate and store your cookies in that container, for sites such as Gmail that you use a lot. It's very simple to set it up to always auto-open in that container, no matter which container you type the address into.

Does the container provide "fake" lowest common denominator environment so that your browser cannot be fingerprinted? Are mouse movements and keyboard typing frequency randomized to avoid matching one's behavior to a subset of all users? If not, you are easy to spot.
You can enable privacy.resistFingerprinting in Firefox's about:config to thwart fingerprinting.
We should be pushing for laws against fingerprinting. It was a cool idea, anonymously track users, but in practice it's not anonymous at all. Make a device fingerprint be PII and require tracking tools to get explicit consent before fingerprinting.
One might think that since browsing privately and securely is such a pain point, there would be more than one product (Firefox) to solve the issue. Any HN entrepreneur types out there reading these posts?
Entrepreneurs go after money to survive; where is the money in selling a private browser? Moreover, using some niche addon is a very nice signal to fingerprint one in the ocean of privacy-unaware users.
I wouldn't mind paying 10-20$ per year for a decent browser. At scale it might be profitable.
You should consider donating this money to Firefox.
You say you would, but would you really? Those are two vastly different things.
Practically speaking, you would have to use Chromium as a base, if you want the product to be successful. And if you do that, Google has a million ways to screw you up. One of the first obstacles you will find will be Widevine. Hardly anyone moves past that point.
Not sure why you got downvoted. Practically speaking, a fully fledged and compliant modern browser would require a team to build if not built off the back of another browser. So either you're a funded non-profit or you need to make money, which doesn't seem compatible with privacy on the internet.
Why not use Firefox as a base?
What about Tor Browser?
A lot of Tor nodes and endpoints are fairly small in terms of capacity and throughput. Streaming lots of porn vids through them eats up a lot of bandwidth compared to, say, writing emails or browsing darknet markets or reading about Tiananmen Square or something.

Tor has a place, but in most countries regular internet porn isn't seriously illegal. Save the limited Tor bandwidth for people that actually need protection, like gays in the middle east, victims of repressive regimes, etc.

Get a regular VPN, user-agent switcher, etc. for your pronz.

Au contraire: More traffic benefits exactly those who need Tor's protection, because it grows the anonymity set. Your streaming innocuous porn over Tor helps to provide cover traffic for e.g. "gays in the middle east" streaming highly illegal porn. Without this cover traffic, Tor would be utterly useless.

So please do stream porn over Tor. Bandwidth capacity on the Tor network is just fine these days, and your use of Tor helps all those who really need the privacy and anonymity Tor can help to provide.

Thank you, a very good point.
I have mixed feelings about Tor.
What is a pain about using Tor?
The incessant captchas.
Speaking of captchas...

Try solving them in Chrome, and in Firefox on a different network and device afterwards.

In Firefox I am constantly getting annoying slow ones that fetch new images after marking one.

In Chrome I get piss easy fast static ones.

> 5. Use the Tor Browser for browsing porn (or any site you really do not want associated with your IP).

And in case the FBI or whatever is running your Tor entry guard, hit it via nested VPN chains.

Maybe some y'all remember the CMU exploit. The FBI got their data, and pwned probably 1000s of onion sites and users.

If those onion sites and users had been hitting Tor through nested VPN chains, probably 90% at least would have been safe.

Tor Project folk like to hate on VPNs, but I'm not aware of any takedowns at that scale which involved VPN compromise.